Tagua VM

Goals

The PHP language currently has two majors virtual machines (VM): Zend Engine and HHVM . Zend Engine is the original VM, it is mainly written in C and counts hundreds of contributors. HHVM is mainly written in C++ and also counts hundreds of contributors. HHVM, by being more recent, has a more state-of-the-art approach and offers features like Just-In-Time compilation.

However, both VM are written in unsafe languages, where segmentation faults, data races, memory corruptions etc. are very frequent and are severe errors/vulnerabilities.

Tagua VM has a different approach.

It is written in Rust: A language that guarantees memory safety, threads without data races (by using the move semantics, data ownership, borrowing, lifetime…), zero-cost abstractions, minimal runtime and, as a bonus, efficient C bindings,

It relies on LLVM for the compiler backend: A solid, state-of-the-art, research, widely used modular and reusable compiler and toolchains technologies.

Instead of re-developing our own algorithms to get a better VM, LLVM will be used. It natively provides a typed Intermediate Representation (IR) language , kind of an “opcode” (to match the classical PHP vocabulary). Because this IR language is typed, it forces us to have advanced analysis about PHP types, but this is another topic.

Safety first

The legend says that PHP powers more than 80% of the Web applications. The two biggest websites in terms of traffic, namely Wikipedia and Facebook , are written in PHP. Thus, this is extremely important to have a safe VM to run these applications.

Since the old days of Computer Science, numerous bugs and vulnerabilities in OS (like Linux or BSD), in libraries (like Gclibc), in major programs (like Bash or X.org), have been found, simply due to the lack of memory and type safety. Intrinsically, Rust enforces safety statically, hence removing most of the memory vulnerabilities like segmentation faults or data races.

LLVM, as for it, is written in C++. Rust provides efficient C bindings and can check the safety of these bindings as most as possible. Rust stops checking when encountering an unsafe block. We commit to land the smallest unsafe surfaces as much as possible and abstracting the data from Rust to LLVM in order to help Rust ensuring the safety.

High quality

The quality of a project can be defined in various ways. Here is what we mean when speaking about quality.

Documentation: Always up-to-date, detailed as much as possible, both for API and user documentations.

Unit tests: Each functions, each structures, each traits is unit tested. No code lands without a unit test.

Integration tests: Tagua VM is both a library and a binary; the library part also has an integration test suite.

Continuous Integration: Each set of commits must compile and must not introduce a regression on all build targets.

Installing

To install Tagua VM, you must have Rust (see the Rust installation page ) and LLVM (see the LLVM installation page ) installed. This is important to have llvm-config available in the path. This is also important to have cargo available in the path too. Cargo is the Rust package manager.

To build a release version:

$ cargo build --release $ ./target/release/tvm --help

To build a development version:

$ cargo build $ ./target/debug/tvm --help

Contributing

Do whatever you want. Just respect the license and the other contributors. Your favorite tool is going to be:

$ cargo test

to run all the test suites (unit test suites, integration test suites and documentation test suites).

カンバン

In order to get an overview of what need to be done, what is in progress and what has been recently done, a kanban board is available .

Documentation

The documentation is not online yet. To generate it locally, please, run the following command: